Usermod -aG vs gpasswd -a as a best practice

linux users best-practices centos redhat

I am aware that usermod -g is not best practice from many posts like this however they normally explain the usermod should not be used as it changes the primary group of a user. These posts don't seem to take into account the -aG switch which just appends the group.

Is this still poor practice or no different than using gpasswd -a?


They both can do the same, it's just with usermod you can do it wrong if you don't pay enough attention.

In this wiki from Arch Linux (it is the same for other distros), it's explained:

To add a user to other groups use (additional_groups is a comma-separated list):

# usermod -aG additional_groups username

Warning: If the -a option is omitted in the usermod command above, the user is removed from all groups not listed in additional_groups (i.e. the user will be member only of those groups listed in additional_groups).

Alternatively, gpasswd may be used. Though the username can only be added (or removed) from one group at a time.

# gpasswd --add username group

Related

Blue/Green deployments with CloudFront
Multi-query multiple DNS record types at once
Powershell equivalent of Ctrl+R?
How to change FTP password from command line?
How do I know if I need a layer 3 switch?
How to delete scheduled task from command line without confirmation? (schtasks delete)
add_header directives in location overwriting add_header directives in server
How to configure D-Bus and SSH X-Forwarding to prevent SSH from hanging on exit?
Is there a more elegant way to remotely run chef-client?
How long does it take for a Route 53 CNAME to work?
Best Practices for updating a previously unmaintained server RHEL5.7
Automatically Applying Security Updates for AWS Elastic Beanstalk